Chris Hecker checker at
Thu Sep 3 03:27:27 EDT 2020

 > This is strange. Isn't there a way to "init" a krb5 library context 
by *PASSING* the config directly to the init funciton?!?

Check out krb5_init_context_profile, I had to expose it in my local copy 
of krb5 years ago, but I think it might be exposed now?


------ Original Message ------
From: "Scot McKinley" <scot.mckinley at>
To: "Greg Hudson" <ghudson at>; krbdev at
Sent: 2020-09-02 21:08:28
Subject: Re: krb5_init_context()

>Hi Greg, in looking at the header files, and your previous reply, it
>appears that krb5_init_secure_context() may be exactly what i want.
>  > I don't think it will solve this problem, as it simply causes the
>context to ignore environment variables.
>Yes, i want a "krb5_init_context" that "ignores environment variables",
>and thus retrieves its config in some other manner. In this case, it
>appears that the "other manner" of retrieving config for
>"krb5_init_secure_context" is some configuration files, which is a
>problem, since we have our OWN config files.
>This is strange. Isn't there a way to "init" a krb5 library context just
>by *PASSING* the config directly to the init funciton?!?
>Regards, Scot
>On 9/2/2020 12:51 PM, Scot McKinley wrote:
>>  Hi Greg, the issue that i am talking about is that krb5_init_context()
>>  gets its config from the environment var KRB5_CONFIG. We are looking
>>  for an initialization of the krb5 context that doesn't rely on the
>>  environment.  I was hoping that was krbt_init_secure_context(). Is
>>  there some OTHER way of passing the config that is retrieved via
>>  KRB5_CONFIG in a non environment variable manner?
>>  Thanks, Scot
>>  On 9/2/2020 11:56 AM, Greg Hudson wrote:
>>>  On 9/2/20 2:31 PM, Scot McKinley wrote:
>>>>  For our use of KfW, we are using krb5_init_context() as our initial
>>>>  call
>>>>  to krb5, attempting to use the environment interface defined for the
>>>>  API. The problem is that env on windows is not well supported and is
>>>>  buggy (env is actually cached at the loading of particular library).
>>>  I'm not sure what "the environment interface defined for the API" efers
>>>  to.  But I am aware of
>>>  which unfortunately hasn't been resolved.
>>>>  I see now that there is another API: krb5_init_secure_context(), which
>>>>  appears to be created to get around exactly this type of env
>>>>  problem. Do
>>>>  you let me know or point me to doc that shows the interface for this
>>>>  new
>>>>  function?
>>>  krb5_init_secure_context() isn't new--it was in the 1.0 release.  I
>>>  don't think it will solve this problem, as it simply causes the context
>>>  to ignore environment variables.  The documentation for it is at:
>>>  It seems possible that you meant krb5_init_context_profile(), which was
>>>  added in release 1.10:
>>>  This interface was created to make it possible to use
>>>  profile_init_vtable() with a krb5 context.  See the comments in
>>>  profile.h for how to use that.
>>>  (It would probably be easier if one could create a memory-only profile
>>>  object, either empty or from a file, and then use profile_add_relation()
>>>  and/or profile_update_relation() on it.  But that hasn't been
>>>  implemented.)
>krbdev mailing list             krbdev at

More information about the krbdev mailing list